PoC: Control access to FW RAM

Allow FW RAM access only in the following execution contexts: - Firmware mode - IRQ_SYSCALL_HI Input port `system_mode` of the `fw_ram` module is replaced with an enable port. Since access to FW RAM not longer depend only on system_mode
2025-11-25 10:03:13 -05:00 · 2024-12-11 14:29:04 +01:00 · 2024-12-11 14:29:04 +01:00 · 62dba7c4fe
commit 62dba7c4fe
parent a871d23d5d
7 changed files with 92 additions and 37 deletions
--- a/hw/application_fpga/fw/irqpoc_with_app/start.S
+++ b/hw/application_fpga/fw/irqpoc_with_app/start.S
@ -11,6 +11,8 @@

 #include "custom_ops.S"  // PicoRV32 custom instructions

+#define illegal_insn() .word 0
+
 	.section ".text.init"
 	.globl _start
 _start:
@ -24,18 +26,38 @@ irq_handler:
 	// PicoRV32 stores the IRQ bitmask in x4.
 	// If bit 31 is 1: IRQ31 was triggered.
 	// If bit 30 is 1: IRQ30 was triggered.
-
-	nop // NOPs are not necessary. Only added to make it easier to find
-	nop // when simulating.
-	nop
+irq_syscall_lo_check:
+	li t4, (1 << 30)
+	bne x4, t4, irq_syscall_hi_check
+	// Firmware RAM should not be readable from IRQ_SYSCALL_LO
+	call check_cannot_read_test_val_from_fw_ram
+	j irq_source_check_done
+irq_syscall_hi_check:
+	li t4, (1 << 31)
+	bne x4, t4, unexpected_irq
+	// Firmware RAM should be readable from IRQ_SYSCALL_HI
+	call check_can_read_test_val_from_fw_ram
+	j irq_source_check_done
+unexpected_irq:
+	illegal_insn()
+irq_source_check_done:
 	picorv32_retirq_insn() // Return from interrupt

 //
 // Init
 //
-	.=0x20 // Setting location of init to 0x20. Makes it easier to find when
-	       // simulating.
+	.=0x100
 init:
+	// Save test value in firmware RAM
+	li t0, 0xd0000000
+	li t1, 0x5555aaaa
+	sw t1, 0(t0)
+
+	// Firmware RAM should be readable from firmware mode
+	call check_can_read_test_val_from_fw_ram
+
+
+	// Enable IRQs
 	li t0, 0x3fffffff // IRQ31 & IRQ30 mask
 	picorv32_maskirq_insn(zero, t0) // Enable IRQs

@ -59,10 +81,15 @@ copy_app:
 //
 	.align 4
 app_start:
+	// Firmware RAM should not be readable from app mode
+	call check_cannot_read_test_val_from_fw_ram
+
+	// Raise IRQ_SYSCALL_HI
 	li t0, 0xe1000000 // IRQ_SYSCALL_HI (IRQ31) trigger address
 	sw zero, 0(t0) // Raise IRQ by writing to interrupt trigger address.
 	               // Writing any data triggers an interrupt.

+	// Raise IRQ_SYSCALL_LO
 	li t0, 0xe0000000 // IRQ_SYSCALL_LO (IRQ30) trigger address
 	sw zero, 0(t0) // Raise IRQ by writing to interrupt trigger address.
 	               // Writing any data triggers an interrupt.
@ -70,6 +97,27 @@ app_start:
 	jalr zero, 0(zero) // Jumping to firmware. Expecting trap
 app_loop:
 	j app_loop
+
+
+check_cannot_read_test_val_from_fw_ram:
+	li t0, 0xd0000000
+	lw t1, 0(t0)
+	li t2, 0
+	bne t1, t2, cannot_read_test_val_from_fw_ram_fail
+	ret
+cannot_read_test_val_from_fw_ram_fail:
+	illegal_insn()
+
+check_can_read_test_val_from_fw_ram:
+	// Check that saved test value can not be read while in app mode
+	li t0, 0xd0000000
+	lw t1, 0(t0)
+	li t2, 0x5555aaaa
+	bne t1, t2, can_read_test_val_from_fw_ram_fail
+	ret
+can_read_test_val_from_fw_ram_fail:
+	illegal_insn()
+
 	.align 4
 app_end: